What You Need to Know for Cybersecurity Awareness Month
October 21, 2015
By Entrust Datacard
If there's any month of the year where you should be giving cybersecurity extra special consideration, it's October. That's because it's National Cybersecurity Awareness Month, a commemorative period designated by President Obama to call much-needed attention to the growing challenges posed by an evolving cyberthreat sphere.
"With National Cybersecurity Awareness Month upon us, here's what you need to know."
This year's commemorative month comes on the heels of a particularly threat-heavy 2015. Since the New Year rolled around, we've been inundated with a virtually uninterrupted flurry of breach headlines. Cybercriminals attacked every industrial sector out there, from large and small businesses to governments and healthcare providers. If 2014 was the so-called "Year of the Mega Breach," 2015 has proven just how diversified cybercriminals can be in their attack strategies and targets. This has been illustrated by a series of attention-grabbing cybercriminal incidents, including:
An attack on the IRS, which resulted in a breach of a now-defunct record-keeping application that the organization offered to taxpayers. The attack led to more than 334,000 taxpayers having their personal data compromised. But the cybercriminals didn't stop there: After breaching the data, they put it to use filing bogus tax returns. The IRS didn't catch on to the attack until the hackers had already made off with $50 million in fraudulent refunds.
A hack of a commercial aircraft's in-flight entertainment system, which led to the hacker being able to breach the administrative controls of the plane and cause it to move laterally. While this made for a terrifying headline, the reality wasn't as scary as it could have been, since the man who carried it out - security researcher Chris Roberts - didn't have malicious intentions, and instead was trying to conduct some (very) hands-on research into remote plane hacking. Roberts' grey hat hack has illuminated the frightening reality that planes in midair aren't immune to cyberattacks.
These hacks - and the many others that have taken place this year - all add up to a need to reflect on the importance of cyber preparedness. This is what Cybersecurity Awareness Month is all about.
"To properly commemorate this month, it's important to channel awareness into action."
With October well underway, it's time to focus on the specific considerations that Cybersecurity Awareness Month calls for. Therefore, we've put together a list of the main things that businesses, other organizations and individuals need to know with regard to the cyber state of today:
The workplace is mobilized: The modern workplace is mobilized - whether companies are ready for that or not. That's because employees are bringing their mobile devices into the office and expecting to be able to use these devices for company network access. These days, roughly two-thirds of Americans own smartphones and are increasingly relying on these devices for online access. In fact, 10 percent of adults in the U.S. count their smartphone's data plan as their sole source of Internet. The mobility push extends to the workplace, where companies are expected to deploy bring-your-own-device (BYOD) policies and, increasingly, remote work options. This mobilizing of the office space opens the door for cyberthreats if suitable protective measures are not in place.
Groups like the FBI are working to fight cybercrime - but their efforts alone aren't enough: During his tenure, President Obama has made cybersecurity a top administrative priority, and now several different agencies at the federal level are involved with cyber defense in some capacity. The FBI has its share of cyber responsibility, and the agency is currently working to spearhead the National Cyber Investigative Joint Task Force. The NCIJTF describes its mission as focusing "on making the Internet safer by pursuing the terrorists, spies and criminals who seek to exploit our systems. Because they act globally across many jurisdictions, the collaboration at the NCIJTF is critical to ensure all legal means and resources available are used to track, attribute and take action against these cyber threats." To that end, the group is integrally involved in tracking down and hopefully bringing to justice domestic cyber threats. Among the group's initiatives is Operation Clean Slate, whose mission is to "degrade or disrupt the [malicious] actor's ability to exfiltrate sensitive information from U.S. networks" and "increase the actor's cost of business by causing wasted time debugging failures," among other threat prevention measures.
But while groups like the NCIJTF represent important and highly necessary assets in the government fight against cybercrime, it's important to note that no domestic government entity will be able to eliminate the tide of cybercrime, since the threat comes from such a vast array of global sources. The remote and international nature of cybercrime is one of the main reasons it's so hard to punish, and there's only so much even the FBI can do to take down malicious actors.
Smart device use is creating new vulnerabilities: Perusing Ralph Lauren's site, you may be surprised to find a stand-out among the normal sweaters and Oxfords: The PoloTech shirt, a shirt that harnesses seamlessly embedded silver fibers to provide actionable data to the wearer (stuff like heart rate information and breathing patterns). This fitness-focused piece of apparel is, indeed, a smart shirt, and it's one of many everyday items that are being given intelligent capabilities in the ever-growing push toward the Internet of Things. While the evolution of smart tech promises to make life easier in many ways - after all, it's pretty cool that a shirt can provide fitness metrics while it absorbs your sweat - it also opens up vulnerabilities that remote hackers can exploit. This was proven by some white hat hackers who were able to remotely take over a smart Jeep while it was on the highway. If that ability falls into the wrong hands, that's a pretty scary situation.
Turning awareness into action
But cybersecurity awareness isn't the only thing this month is calling attention to. It's also intended to spur individuals, businesses, governments and other entities to be proactive about improving their commitment to security. Here's what organizations can do to harness Cybersecurity Awareness Month to implement better cyber practices:
Evaluate the company cyber policy - and if you don't have one, make one: For enterprises, the mobile push is mostly a very positive development. With the increase in remote workers, BYOD policies and the deployment of Internet of Things tech in offices across industries, businesses are experiencing the productivity boost that comes from an unprecedented level of connectedness. But if companies don't match that connectedness with a well-suited cyber policy, they're all but asking to be attacked. Devising a robust enterprise cyber policy isn't a conversation that should be confined to the administrative boardroom - it needs to be something that happens across a company, and once a policy is rolled out, everyone associated with the business needs to be on the same page in terms of adhering to it.
Make sure bad employee password and device security habits are eliminated: The typical person is not likely to come up with complex passwords. Nor is he or she likely to be hyperaware of when his or her mobile device is potentially compromised. Therefore, as enterprises optimize their cyber strategy, one of the key steps is to ensure that all staffers are educated in the fundamentals of device security and good password habits.
Guard your business with mobile security: A mobilized company means heightened security needs. When it comes to defending mobility, companies can't rely on good employee practices alone to keep intruders out. That's why mobile solutions like those offered by Entrust IdentityGuard are absolutely imperative. A solution like the one offered by Entrust Datacard provides device certificates, application protection, analytics and MDM integration. All are necessary in the fight against cyber threats targeting mobile platforms.
Implement authentication solutions: As the IRS hack showed, instances of identity theft aren't only rampant, but growing in sophistication. One of the key steps for businesses in driving down the likelihood of an identity theft-based incident is to ensure that identity vetting takes place in the most secure way possible - namely, via multifactor authentication.
Company efforts to turn awareness into action should extend well beyond October, since cybersecurity is something we need to be aware of every month of the year.